Insider threats:
Malicious (intentional theft/sabotage),
Negligent (accidental data loss/misconfiguration),
Compromised (external attacker using insider's credentials).
Negligent insiders cause more incidents than malicious ones.
Controls: least privilege (limit access), DLP (detect exfiltration), UEBA (detect behavior anomalies), PAM session recording (audit admin actions), separation of duties, background checks.
Offboarding procedures are critical for malicious insiders.